(a) Field of the Invention
The present invention relates generally to a system and method for conducting secure electronic commercial transactions via the Internet. More particularly, it relates to a system and method that splits these transactions so that non-sensitive information is transmitted via the Internet and sensitive information, such as credit/debit card and financial account numbers, is transmitted via a second secure communication link.
(b) Description of Related Art
The explosive growth of electronic commerce conducted through the Internet has increased the need for systems and methods that can conduct these transactions with increased security. The Internet is essentially a network of networks that is readily accessible to the public and allows users to view and retrieve information on an international scale by browsing, for example, what is commonly referred to as the world-wide-web. Of particular concern are the unauthorized personnel or xe2x80x9chackersxe2x80x9d that intercept credit card numbers on the Internet and commit thefts by using these numbers to make purchases without the card owner""s authorization.
A variety of known encryption schemes have been used to increase the security of Internet transactions. Unfortunately, hackers have quickly evolved their decryption techniques, thereby significantly diminishing the protection provided by these known encryption techniques. Thus, even if encryption is used, consumers take a significant risk when they transmit sensitive information such as credit/debit card numbers, bank account numbers, and personal identification numbers (PINs) via the Internet.
Another known approach that increases the security of Internet transactions assigns each user a unique electronic signature. With this approach, transactions containing sensitive information must be accompanied by this signature for the transaction to be considered valid. This approach is typically used with encryption to protect the contents of transactions and the signature from hackers. As with the general encryption techniques described above, the user still takes a substantial risk when transmitting sensitive information using this technique because hackers may be able to decipher and/or duplicate the user""s signature for use in unauthorized transactions.
In yet another known approach, Internet transactions are conducted by initiating a transaction via the Internet and completing the transaction by having a consumer transmit sensitive information directly to a merchant either via facsimile or by making a phone call and verbally conveying the information to the merchant. Although this approach improves security by completely eliminating the transfer of any sensitive information on the Internet, it significantly diminishes the convenience that electronic shopping and banking are intended to provide.
All of the aforementioned approaches to improving the security of commercial transactions on the Internet are undesirable because they transmit sensitive customer information to merchants. As a result, customers and credit corporations remain unprotected from unscrupulous merchants that may use credit card numbers to carry out fraudulent purchases without the customer""s consent. In addition, in the process of authorizing credit purchases, merchants may pass transaction information related to a customer""s purchasing habits, such as items purchased and associated purchase amounts, to credit clearing houses that sell this information to direct marketing services, which may be undesirable for many customers.
Thus, there is a need for a system and method for conducting electronic commercial transactions via the Internet that improves security, minimizes the unnecessary transmission of information regarding customers"" purchase preferences, and that maintains the high level of convenience and efficiency demanded by electronic shoppers.
The present invention provides a system and method for conducting electronic commercial transactions via the Internet. The system uses two communication links and a split transaction scheme to significantly increase security without sacrificing convenience to the customer. The customer""s computer may utilize a conventional Internet link to browse various web pages and to initiate transactions with a business. The customer may transmit and receive non-sensitive information via the Internet. A second secure link is established with the customer""s computer, as needed, to transmit sensitive information for credit authorization processing and/or customer verification purposes. Thus, with the present invention, sensitive information, such as credit card numbers, financial account numbers, and PINs are never transmitted across the Internet, thereby preventing potential hackers from having access to it.
In accordance with one aspect of the present invention, a first communication link between a first computer and a second computer is established on the Internet. Non-sensitive information associated with a transaction is generated based on user inputs and other information derived from the Internet. At least some of the nonsensitive information is sent from the first computer to the second computer via the Internet. A second, secure communication link is established between the first computer and a third computer. Some of the non-sensitive information is sent, together with the sensitive information, to the third computer via the secure link. The third computer system then processes some of the sensitive information and some of the non-sensitive information to produce authorization information, which is subsequently sent to one of the first and second computers via one of the first and second communication links.
In some embodiments, the first computer may be associated with a customer, the second computer may be associated with a merchant, and the third computer may be associated with a credit processing center.
In other embodiments, the first communication link may be idled. The second communication link may then be terminated, and the first communication link may then be reactivated.
In accordance with another aspect of the present invention, a customer computer is programmed to allow a customer to conduct a commercial transaction on the Internet A communication module associated with the customer computer is adapted to communication the Internet. The customer computer is further programmed to receive customer inputs and webpage information and to exchange non-sensitive information with a merchant computer that is also in communication with the Internet. The customer computer is further programmed to cause the communication module to establish a second, secure communication link to a credit computer associated with a credit organization.
The invention itself, together with further objects and attendant advantages, will best be understood by reference to the following detailed description, taken in conjunction with the accompanying drawings.